SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2002-1996

Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.6
Exploit Score: 4.9
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Reference:

http://archives.neohapsis.com/archives/bugtraq/2002-03/0288.html

http://archives.neohapsis.com/archives/bugtraq/2002-03/0299.html

BID-4350

http://sourceforge.net/tracker/index.php?func=detail&aid=524777&group_id=27927&atid=392228

postnuke-modules-index-css(8605)


30479



423868



248038



909



194772



282